Access rights – introduction

Implementation

There are two possible scenarios for implementing DataGuard module in the given system:

1.Blocking all/most rights on the atlas level, and then allowing some of these down the hierarchy tree.

2.Allowing for all actions on the atlas level and blocking on the level of maps and for specific workstations.

Choosing one of the above strategies depends on the nature of the system, where the data protection is implemented.

Access rights can be assigned for the following categories:

•Audit – determines whether access to the given device should be logged. Logging includes information on file renaming, creating, copying or deleting and access with writing.

•Reading – ability to read information from the specified medium.

•Writing – ability to write information on the specified medium.

•Executing – ability to run programs located on the specified medium.

Each category (reading, writing, executing) can have one of two states: allow or block. An audit can be enabled or disabled. Devices without a file system can have only one access right category. It has the value of enabled, if the user is allowed to use the device, and disabled, if the opposite is true.

To define access rights to media, go to the atlas, group or user properties.